Bill Baer /bɛːr/

What’s new and what’s coming with SharePoint & OneDrive Security, Compliance, and Administration – October 2018 Edition In today’s complex and regulated environment, businesses need to focus on building more secure solutions that deliver value to their customers, partners, and shareholders—both in the cloud and on-premises. Microsoft has been building enterprise software for decades and running some of the largest online services in the world. We draw from this experience to keep making SharePoint and OneDrive more secure for users, by implementing and continuously improving security-aware software development, operational management, and threat-mitigation practices that are essential to the strong protection of your services and data.

Innovation in the cloud drives tremendous business value, and it delivers new capabilities to the IT professionals who work tirelessly to support, configure, administer, and secure their organizations’ content and services. Office 365 empowers you to support sophisticated requirements for security and compliance, to manage day-to-day operations, and to maximize the value of Office 365 to people in your organization. We’ve built Office 365 with global scale, exceptional reliability, and support for compliance across industries and geographies on top of intelligent security that keeps your service and content protected and private, we give you granular and dynamic controls so that you can manage access and distribution of your organization’s sensitive information.

In March 2017 we introduced device-based policies for SharePoint and OneDrive, that enable administrators to configure Tenant-level policies. Device-based access policies for SharePoint and OneDrive help administrators ensure corporate data is not leaked onto unmanaged devices such as non-domain joined or non-compliant devices by limiting access to the content to the browser, preventing files from being taken offline, printed, or synchronized with OneDrive. On September 1st, 2017 we continued to evolve our conditional access investments to address the ever-changing security landscape and business needs by introducing new levels of granularity with conditional access that allow administrators to scope device-based policies at the site collection level.

Security is at the heart of what we do… Microsoft has been building enterprise software for decades and running some of the largest online services in the world. We draw from this experience to keep making SharePoint and OneDrive more secure for users, implementing and continuously improving security-aware software development, operational management, and threat-mitigation practices that are essential to the strong protection of your services and data. Today we’re pleased to announce a new resource center where you can get the latest news on our security and compliance investments for SharePoint and OneDrive in addition to presentations, free training, eBooks and more.

In May 2017 we unveiled our plans [https://techcommunity.microsoft.com/t5/SharePoint-Blog/Introducing-the-new-SharePoint-Admin-Center/ba-p/70294] to simplify SharePoint administration through delivering an administrative experience that’s intuitive, intelligent, and simple. Since then we’ve made available the new admin experience as Preview for customers who have enabled Targeted Release at the Tenant level. In the next several weeks in our preview we’ll be introducing new updates on our journey to deliver an administrative console designed to help IT achieve more, so their users can achieve more.

When it comes to security your best line of defense is one that is reactive versus one that is proactive; however, how do you know how you’ll respond to a security incident if one hasn’t yet to occur…that’s where Attack Simulator in Office 365 shines, it’s what sets the security solutions we provide apart from other cloud services. Attack Simulator is designed to put you ahead of curve and keep you in front of the proverbial 8 ball.

This summer we introduced a consistent, coherent sharing experience across the Web and desktop – these improvements allow you to share Office 365 files directly from File Explorer on PC and Finder on Mac, in addition to the latest versions of Office on the desktop and Office 365 web experiences. The updates we made provide a simplified sharing experience, so you can share files and folders easily with partners both internal and external, while retaining the right level of security – so whether you share on the web, in Explorer on Windows 10 and Windows 7, or Finder or the Mac, the sharing experience is secure, consistent and simple.

In this post: SharePoint Admin Center Updates SharePoint Migration Tool Updates OneDrive Files Restore Microsoft has been building enterprise software for decades and running some of the largest online services in the world. We draw from this experience to keep making SharePoint and OneDrive more secure for users, implementing and continuously improving security-aware software development, operational management, and threat-mitigation practices that are essential to the strong protection of your services and data.

When moving your organization to cloud services, security concerns add another layer of consideration; one of trust. Security and compliance is an ongoing process, not a steady state. It is constantly maintained, enhanced, and verified by highly-skilled, experienced and trained personnel. We strive to keep software and hardware technologies up to date through robust processes. To help keep Office 365 security at the top of the industry, we use processes such as the Security Development Lifecycle; we also employ techniques that throttle traffic and prevent, detect, and mitigate breaches.

There’s a new culture of work; one that is increasingly diverse, geographically distributed, and mobile. Connectivity is ubiquitous and the ability to work remotely has become an ingrained part of the work practice. People have come to expect to be able to access email and documents from anywhere on any device - and for that experience to be seamless, among these trends includes the increasing use of shared systems, such as kiosks to access and work with corporate data.

Last week we announced Office 365 Data Loss Prevention Block Access (https://techcommunity.microsoft.com/t5/Security-Privacy-and-Compliance/Policy-Tips-in-SharePoint-Online-and-OneDrive-for-Business-at/ba-p/116158) with SharePoint Online and OneDrive for Business. Office 365 Data Loss Prevention Block Access prevents the potential for overexposure of sensitive information by allowing a Tenant administrator to configure Data Loss Prevention Policies limiting how and with whom sensitive information can be shared. For example, if a document is determined to contain sensitive information, for example U.S. Financial Data, a DLP policy can prevent that information from being shared externally or with guests while providing real-time policy information to the user attempting to initiate the share.

Balancing security and usability are core to ensuring people can collaborate effectively without interrupting the necessary flow of information across organizations. With SharePoint Online we’ve been at work developing security and sharing controls that are scoped at the site collection level. This allows Tenant administrators to configure more restrictive controls at the site collection level, than those that are configured at the Tenant level providing a balance between the need to protect corporate information and the requirement to collaborate effectively across and outside of the corporate boundary.

In March 2017 we introduced device-based policies for SharePoint and OneDrive, that enable administrators to configure Tenant-level policies. Device-based policies for SharePoint and OneDrive help administrators ensure corporate data is not leaked onto unmanaged devices such as non-domain joined or non-compliant devices by limiting access to the content to the browser, preventing files from being taken offline or synchronized with OneDrive. On September 1st, 2017 we’ve continued to evolve our conditional access investments to address the ever-changing security landscape and business needs by introducing new levels of granularity with conditional access that allow administrators to scope device-based policies at the site collection level.

Governments around the world are strengthening laws and regulations to protect citizens’ data, preserve national security, and protect business interests. Last week at Microsoft Ignite we announced new Multi-Geo Capabilities in Office 365 to help ensure you remain compliant with services to include SharePoint, OneDrive, and Exchange. The new Multi-Geo Capabilities in Microsoft 365 with SharePoint and OneDrive provide global organizations a solution to maximizing the value of Office 365, including SharePoint and OneDrive, while meeting data residency and compliance requirements.

Last week at Microsoft Ignite we shared our investments, our vision, and strategy for addressing today’s most challenging business and technology trends that are ever broadening the threat landscape. From meeting complex corporate and governmental regulatory compliance, to addressing a more mobile and connected workforce, SharePoint and OneDrive and uniquely positioned to address your business needs. Stay ahead of data residency requirements with Multi-Geo capabilities in Microsoft 365 Governments around the world are strengthening laws and regulations to protect citizens’ data, preserve national security, and protect business interests.

The risks to information exposure have increased in today’s collaboration landscape because users don’t always work on desktop computers. Access controls now need to account for users connecting their mobile devices to non-secure networks or using their own unmanaged devices. These new access controls start with conditional access policies. Conditional access allows you to keep your corporate data safe while providing your users a secure environment in which they can work from any device.

Today at the SharePoint Virtual Summit, we unveiled the latest innovations for SharePoint and OneDrive, including powerful integrations across Office 365, Windows and Azure - and while we continue to drive forward with a cloud-first, mobile-first vision - security and compliance are at the foundation of everything we do. Microsoft has been building enterprise software for decades and running some of the largest online services in the world. We draw from this experience to keep making SharePoint Online and OneDrive for Business more secure for users, implementing and continuously improving security-aware software development, operational management, and threat-mitigation practices that are essential to the strong protection of your services and data.

Today at the SharePoint Virtual Summit, we unveiled the latest innovations for SharePoint and OneDrive, including powerful integrations across Office 365, Windows and Azure. Innovation in the cloud drives tremendous business value, and it delivers new capabilities to the IT professionals who work tirelessly to support, configure, administer, and secure their organizations’ content and services. We’ve built Office 365 with global scale, exceptional reliability, and support for compliance across every industry and geography.

The days of the corporate boundary beginning at the firewall are over, today’s corporate boundary is the end user. Connectivity is ubiquitous and with an endless number of devices available, people have an increasing number of options for staying connected at anytime, anywhere. As a first step to providing administrators security and control in a mobile and connected world are conditional access policies. Conditional access provides the control and protection businesses need to keep their corporate data secure, while giving their people an experience that allows them to do their best work from any device.

In today’s complex and regulated environment, businesses need to focus on building more secure solutions that deliver value to their customers, partners, and shareholders—both in the cloud and on-premises. Microsoft has decades-long experience building enterprise software and running some of the largest online services in the world. For SharePoint Online and OneDrive for Business we use this experience to implement and continuously improve security-aware software development, operational management, and threat-mitigation practices that are essential to the strong protection of services and data.

The collaboration landscape has changed, people expect to work across both boundaries and devices, to bring content with them versus bringing themselves to content. Location, location, location is the best choice when buying or selling a home, but introduces new challenges when it comes to securing that content. Ubiquitous connectivity and the proliferation of devices means responding to new security challenges. SharePoint Online and OneDrive for Business are uniquely positioned to help you address these challenges… Over the past several weeks we’ve introduced a variety of policies, to include location-based policies, that provide contextual controls at the user, location, device, and app levels and we’re excited to share you can now explore new device-based policies in First Release.

When choosing a cloud collaboration platform, the most important consideration is trust in your provider. Microsoft SharePoint and OneDrive for Business are covered by the core tenets of earning and maintaining trust: security, privacy, compliance, and transparency. With SharePoint and OneDrive, they’re your files. You own them and control them. The Microsoft approach to securing your files involves: A set of customer-managed tools that adapt to your organization and its security needs.

Unified eDiscovery and Data Loss Prevention in Office 365 allows Tenant Administrators to create, manage, and secure content from a unified console (Office 365 Security and Compliance Center). To date, Tenant Administrators have had to manage Data Loss Prevention for SharePoint, OneDrive for Business, and Exchange in two separate locations, the Office 365 Security and Compliance Center and the Exchange Admin Center respectively. In January 2017, Data Loss Prevention was centralized for SharePoint, OneDrive for Business and Exchange in the Office 365 Security and Compliance Center.

The days of the corporate boundary beginning at the firewall are over, today’s corporate boundary is the end user. Connectivity is ubiquitous and with an endless number of devices available, people have an increasing number of options for staying connected at anytime, anywhere. The freedom to work fluidly, independent of location has become an expectation as has the freedom to access email and documents from anywhere on any device—and that experience is expected to be seamless.

Shredded Storage is a new storage model implementation in SharePoint Server 2013 used to provide smoother I/O patterns, improve data transfer performance, and reduce storage utilization when using historical versions with SharePoint. This whitepaper provides a background of SharePoint products storage evolution and the implementation specifics and benefits of Shredded Storage in SharePoint 2013. Download: http://www.microsoft.com/en-us/download/details.aspx?id=39719

Introduction What is an Extranet? A common definition for the term Extranet is a network that enables controlled access to external users or an extension of an organization’s intranet extended to external users to include customers, partners, suppliers, etc. in isolation from other internet or intranet users. Extranet topologies with SharePoint Products have become an increasingly popular solution to enable collaboration with partners, customers, and external users; however, can be complex to implement and maintain over time.

Introduction Shredded storage is a new data platform improvement in SharePoint 2013 related to the management of large binary objects (I.e. BLOBS such as Microsoft PowerPoint Presentations, Microsoft Word Documents, etc.). Shredded Storage is both improves I/O and reduces compute utilization when making incremental changes to document or storing documents in SharePoint 2013. Shredded Storage builds upon the Cobalt (I.e. File Synchronization via SOAP of HTTP) protocol introduced in SharePoint 2010.